h dZddlZddlmZmZmZmZmZmZm Z ddl m Z m Z m Z mZmZmZmZmZddlZddlmZddlmZddlmZmZmZmZmZmZmZm Z ddl!m"Z"dd l#m$Z$dd l%m&Z&dd l'm(Z(m)Z)m*Z*dd l+m,Z,m-Z-dd l.GddZ/Gdde Z0e ddge e,gZ1dZ2de3fdZ4de3fdZ5de6de0fdZ7dhdee3dee3dee8dee3effd Z9d!e:dee3fd"Z;d#ee3dee<fd$Z=de3d%ee3d&ee3ddfd'Z>d(efd)Z?e1jd*eAd+e e"e e?g,d-efd.ZBe1jd/eCd+e e"e e?g,ed0d01ed2d0d34edfd5eDd6eDd7ee3fd8ZEe1jd9e6d+e e"e e?g,ed:d;<fde3fd=ZFe1jd/e6d>e e"e e?g,e d:fde6fd?ZHe1jd9e6d+e e"e e?g,ed:d;<e d:fde3de6fd@ZJe1jd9dAe e"gBed:d;<fde3fdCZLdDedee3fdEZMdFe3dDedGee3efddfdHZNdFe3dDedGee3efddfdIZOdFe3dDedJee3efddfdKZPdLe3dFe3dDedMee3efddf dNZQdFe3dDedOee3deee3fdPZRdLe3dFe3dDedJee3efddf dQZSdRedSeTdeee3efee3ffdTZUde3dUee3dVee3de8fdWZVe1jd9e6d+e e"e e?g,ed:d;<e d:fde3dSeTfdXZXe1jdYeCd+e e"e e?g,ed0d01ed2d0d34edfd5eDd6eDd7ee3fdZZYe1jd[e:d+e e"e e?g,ed:d\<fd]e3fd^ZZe1jdYe:d>e e"e e?g,e d:fd!e:fd_Z[e1jd[e:d+e e"e e?g,ed:d\<e d:fd]e3d!e:fd`Z\e1jd[dAe e"gBed:d\<fd]e3fdaZ]dSeTdeee3efee3ffdbZ^d]e3dGee3efdcee3fddZ_d]e3deee3dcee3fdfZ`e1jd[e:d+e e"e e?g,ed:d\<e d:fd]e3dSeTfdgZay)iu ✨ SCIM v2 Endpoints for LiteLLM Proxy using Internal User/Team Management This is an enterprise feature and requires a premium license. N)AnyDictListOptionalSetTuple TypedDict) APIRouterBodyDepends HTTPExceptionPathQueryRequestResponse)verbose_proxy_logger safe_dumps)LiteLLM_UserTableLitellmUserRolesMemberNewTeamRequestNewUserRequestTeamMemberAddRequestTeamMemberDeleteRequestUserAPIKeyAuth)user_api_key_auth)new_user)ScimTransformations)new_teamteam_member_addteam_member_delete)_premium_user_checkhandle_exception_on_proxy)*c0eZdZdZededeefdZy)UserProvisionerHelpersz0Helper methods for user provisioning operations.new_user_requestreturnc K|jsy|jjjd|jid{}|sy|jjj d|j i|j |j|j |jt|jdd{}tj|d{S77#7w)a< Check if a user with the given email already exists and update them if found. Args: prisma_client: Database client new_user_request: New user request data Returns: SCIMUser if user was updated, None if no existing user found N user_emailwhereuser_id)r.r+ user_aliasteamsmetadatar-data) r+dblitellm_usertable find_firstupdater.r/r0rr1r#transform_litellm_user_to_scim_user) prisma_clientr( existing_user updated_users k/var/www/Befach/backend/env/lib/python3.12/site-packages/litellm/proxy/management_endpoints/scim/scim_v2.pyhandle_existing_user_by_emailz4UserProvisionerHelpers.handle_existing_user_by_email3s **+..@@KK!1!C,C(C,!C*"C,(C,*C,N) __name__ __module__ __qualname____doc__ staticmethodrrSCIMUserr=r<r'r'0s2:$[($[ ( $[$[rEr'ceZdZUdZeeed<eeed<eeed<eeed<eeed<eeed<eeed<y ) ScimUserDataz-Typed structure for extracted SCIM user data.r+r/ sso_user_idr0 given_name family_nameactiveN) r>r?r@rArstr__annotations__rboolrDrEr<rGrG[sK7  # 9 # TNrErGz/scim/v2u✨ SCIM v2 (Enterprise Only))prefixtags dependenciesc<Kddlm}|tdddi|Sw)z>Check if database is connected and raise HTTPException if not.rr9ierrorzNo database connected status_codedetail)litellm.proxy.proxy_serverr9r rSs r<%_get_prisma_client_or_raise_exceptionrYns(8W>U4VWW sr.cKtd{}|jjjd|id{}|st ddd|i|S7J7w)z=Check if user exists and return user, raise 404 if not found.Nr.r,rTzUser not found with ID: rU)rYr4r5 find_uniquer )r.r9users r<_check_user_existsr^wsw?AAM!!33??'"@ D W0H .R$S   KB !AA/AAAAteam_idcKtd{}|jjjd|id{}|st ddd|i|S7J7w)z=Check if team exists and return team, raise 404 if not found.Nr`r,r[rTzGroup not found with ID: rU)rYr4litellm_teamtabler\r )r`r9teams r<_check_team_existsrdsw?AAM!!33??'"@ D W0I'.S$T   KB r_r]r)c$d}|jr1t|jdkDr|jdj}d}|jr,|jjr|jj}g}|j r#|j Dcgc]}|j}}|||j ||jr|jjnd|jr|jjnd|jdScc}w)z)Extract common data from SCIMUser object.Nr)r+r/rHr0rIrJrK) emailslenvaluename givenNamegroups externalId familyNamerK)r]r+r/r0groups r<_extract_scim_user_datarosJ {{s4;;'!+[[^)) J yyTYY((YY(( E {{*.++666! -1YYdii))D/3yytyy++d++ 7sD rIrJrKcNdt||ji}|||d<|S)z)Build metadata dictionary with SCIM data. scim_metadata)rjrm scim_active)LiteLLM_UserScimMetadata model_dump)rIrJrKr1s r<_build_scim_metadatarus< 1 "  *,  H"( OrErnc(Ktd{}g}|jri|jD]Z}|jjj d|j id{}|s@|j |j \|S7}7(w)z?Extract valid member IDs from SCIMGroup, verifying users exist.Nr.r,)rYmembersr4r5r\rhappend)rnr9 member_idsmemberr]s r<_extract_group_member_idsr{s?AAMJ }}mmF&));;GG &,,/HD!!&,,/ $ B s(BBAB'B(B/ BBryc2Ktd{}g}|D]u}|jjjd|id{}|s6|jxs |j }|j t|j |w|S77Mw)zCGet SCIMMember objects with display names for a list of member IDs.Nr.r,)rhdisplay)rYr4r5r\r+r.rx SCIMMember)ryr9rw member_idr] display_names r<_get_team_members_displayrs?AAM "G "%%77CCi(D   ??:dllL NN:DLL,O P   NB s(BB6BBBABBexisting_teams new_teamscKt|}t|}||z }||z }|s|r)t|t|t|d{yy7w)z8Handle adding/removing user from teams based on changes.r.teams_ids_to_add_user_toteams_ids_to_remove_user_fromN)setpatch_team_membershiplist)r.rrexisting_teams_set new_teams_set teams_to_addteams_to_removes r<_handle_team_membership_changesrsc^, NM #55L(=8O#%),%7*.*?   ' sAA A Aresponsec*Kd|jd<yw)z5Sets the Content-Type header to application/scim+jsonzapplication/scim+jsonz Content-TypeN)headers)rs r<set_scim_content_typers(?H^$sz/ServiceProviderConfig)response_modelrVrQrequestcRKdt|jd}t|Sw)z+Return SCIM Service Provider Configuration.ServiceProviderConfig) resourceTypelocation)meta)rLurlSCIMServiceProviderConfig)rrs r<get_service_provider_configrs+0 $ D %$ //s%'z/Users)ge d)rle startIndexcountfilterc K td{}i}|rYd|vr)|jddjd}||d<n,d|vr(|jddjd}||d <|jjj ||dz |d d i d{}|jjj | d{}g} |D]1} tj| d{} | j| 3t||t|t| | S7 77c7@#t$r} t| d} ~ wwxYww)z; Get a list of users according to SCIM v2 protocol Nz userName eqz userName eq r"'r.zemails.value eqzemails.value eq r+ created_atdescr-skiptakeorderr,r] totalResultsr itemsPerPage Resources)rYsplitstripr4r5 find_manyrrr8rxSCIMListResponseminrg Exceptionr$) rrrr9where_conditionsr.emailusers total_count scim_usersr] scim_useres r< get_usersrs,+CEE  & ,,~6q9??F.5 +"f, %78;AA%H16 . ""44>>& 1n#V, ?  *,,>>DD"E  &( D1UUI   i (   $!UC O4   GF   +'**+soE D:D1BD:$D4%-D:D6$D:7D888D:0E1D:4D:6D:8D:: E EEEz/Users/{user_id}.zUser ID)titlecK t|d{}tj|d{}|S7#7#t$r}t |d}~wwxYww)z? Get a single user by ID according to SCIM v2 protocol N)r^rr8rr$)r.r]rrs r<get_userrEs\+'00.QQRVWW  1X +'**+s=A:6:8:A:: A AAAc K tjd|td{}t|}|jrX|j j jd|jid{}|rtddd|ji|jxsttj}t|d |d }tj}tj rtj j#d }t%||d |d |d|d|}t&j)||d{}|r|St+|d{} t-j.| d{} | S7b77B7,7#t$r} | d} ~ wt0$r} t3| d} ~ wwxYww)z5 Create a user according to SCIM v2 protocol zSCIM CREATE USER request: %sNr.r,rTz#User already exists with username: rUrIrJ user_roler+r/r0F)r.r+r/r0r1auto_create_keyr)r9r()r3r)rdebugrYrouserNamer4r5r\r rLuuiduuid4rurINTERNAL_USER_VIEW_ONLYlitellmdefault_internal_user_paramsgetrr'r=rrr8rr$) r]r9 user_datar:r.r1 default_roler(existing_user_scim created_userrrs r< create_userr[s?+""#A4HCEE ,D1  =="/"2"2"D"D"P"P $--0#Q#M# ##'J4==/%Z[ --43tzz|#4' ,(?=AYZ  4 4   / /"??CCKPL) . .G$!" $:#W#W'-$X$   % %%!  .QQ  sFF     +'**+sF?#FF AF8F 9CF F FF?F$F%FFFF? F FFFF F<F  F<, F77F<<F?c|Ktjd| td{}t|d{}t |}t |d|d|d}t ||jxsg|dd{|d|d |d |d|d }d |vr't|d trd dl m }||d |d <|jjjd|i|d{}tj |d{} | S7777)7#t"$r} t%| d} ~ wwxYww)zH Update a user according to SCIM v2 protocol (full replacement) zSCIM PUT USER request: %sNrIrJrKr0r.rrr+r/rH)r+r/rHr0r1r1rrr.r2)rrrYr^rorurr0 isinstancedict*litellm.litellm_core_utils.safe_json_dumpsrr4r5r7rr8rr$) r.r]r9r:rr1 update_datarr;rrs r< update_userrsv:DA.+CEE 099 ,D1 ( l # m $ h  .(..4"(   $L1#L1$]3w'    $K 4KT)R M&0Z1H&IK #*--??FFg&G  .QQR^__ UF9 ( ` +'**+sD< D DD DAD DA/D 2D3D DD D<D D D D D D9) D44D99D<)rVrQcK td{}t|d{}g}|jrU|jD]F}|jjj d|id{}|s6|j |H|D]i}|jxsg}||vs|Dcgc] }||k7s | }}|jjjd|jid|id{k|jjjd|id{tdS7%77cc}w7O7#t$r} t| d} ~ wwxYww) z5 Delete a user according to SCIM v2 protocol Nr`r,rwr2r.rrV)rYr^r0r4rbr\rxrwr7r`r5deleterrr$) r.r9r:r0r`rccurrent_membersm new_membersrs r< delete_userrsn+CEE 099    (..*--??KK$g.LLL& /D"ll0bO/)*9JQQ'\qJ J#&&88??$dll39k:R@ 0077y'>R7SSSC((3F9 K T +'**+sE# ED6ED9A E1D<2E9,E&E* D>5D>9:E3E41E%E&E5E#6E9E<E>EE E  EE  E#rhcg}t|trv|D]o}t|tr;|jdr*|j t |jdNt|t s_|j |q|St|tr<|jdr)|j t |jd|St|t r|j ||S)z)Return group ids from a SCIM patch value.rh)rrrrrxrL)rh group_valuesvs r<_extract_group_valuesrs L%A!T"quuW~##Cg$78As###A&   E4 99W    EIIg$6 7 8  E3 E" rEop_typerc6|dk(rd|d<yt||d<y)zHandle displayname updates.removeNr/rLrrhrs r<_handle_displayname_updater$s"($( L!$'J L!rEc6|dk(rd|d<yt||d<y)zHandle externalid updates.rNrHrrs r<_handle_externalid_updater,s"(%) M"%(Z M"rEr1c|dk(r|jddy|}t|tr|jdk(}n t |}||d<y)zHandle active status updates.rrrNtrue)poprrLlowerrN)rrhr1bool_vals r<_handle_active_updater4sJ( ]D) eS !{{}.HE{H"*rEpathrqc|dk(r'|dk(r|jddyt||d<y|dk(r'|dk(r|jddyt||d<yy)z2Handle name field updates (givenName, familyName).name.givennamerrjNname.familynamerm)rrL)rrrhrqs r<_handle_name_updaterAse  h    k4 0),UM+ & " " h    lD 1*-e*M, ' #rE teams_setct|}|dk(r t|S|dk(r|j|y|dk(r|D]}|j|y)z(Handle group/team membership operations.replaceaddrN)rrr7discard)rrhrrgids r<_handle_group_operationsrOs_(/L)<  E &  H C   c " rEc>|dk(r|j|dy|||<y)z5Handle generic metadata operations for unknown paths.rN)r)rrrhr1s r<_handle_generic_metadatar\s!( T4 rEr: patch_opsc2i}|jxsi}|jdi}t|jxsg}d}|jD]}|j xsdj }|j} |j} |dk(rt| | |L|dk(rt| | |_|dk(rt| | |r|dvrt|| | ||jdrt| | |} | | }t|| | |||n|} ||d<||d <|| fS) zAApply patch operations and return update data and final team set.rqN displayname externalidrK)rrrkr1)r1rrr0 Operationsrrrhoprrrr startswithrr) r:rrr1rqrreplace_team_setr rrhrnew_replace_setfinal_team_sets r<_apply_patch_opsrds1 #%K%%+HLL"5Mm117R8I+/"" 2$$&%% = &w{ C \ ! %guk B X  !'5( ; : : gum D __X &6wyQO*#2 $T7E8 D%#(*:)E%9N -H_&K   &&rErrc K|D]F} tt|t|dttj d{H|D];} tt|| ttj d{=y 7G#t $r%}tjd|d|Yd}~d}~wwxYw7:#t $r%}tjd |d|Yd}~d}~wwxYww) z' Add or remove user from teams r]r.role)r`rzr)r3user_api_key_dictNzError adding user to team z: )r`r.zError removing user from team T) r!rrrr PROXY_ADMINrr exceptionr"r)r.rr_team_idrs r<rrs- ]%- (%gFC'5?O?[?[&\ -2 ]$,XwO"0;K;W;W"X  2 ) ]$..1KH:UWXYWZ/[\\ ]   ] * *-KH:UWXYWZ+[ \ \ ]s|C5>BBB C53CCC C5B B?B:5C5:B??C5C C2 C-(C5-C22C5cZKtjd| td{}t|d{}t ||\}}t ||j xsgt|d{t||d<d|vr't|dtrddl m }||d|d<|jjjd |i| d{}tj |d{}|S7777)7#t"$r} t%| d} ~ wwxYww) z4 Patch a user according to SCIM v2 protocol zSCIM PATCH USER request: %sN)r:rrr0r1rrr.r2)rrrYr^rrr0rrrrrr4r5r7rr8rr$) r.rr9r:rrrr;rrs r< patch_userrs?*   $N3 G  $K 4KT)R M&0Z1H&IK #*--??FFg&G  .QQR^__ ;F9  ` +'**+sD+ DDDDD ?DD+DD D D D D( D##D((D+z/Groupsc K td{}i}|r,d|vr(|jddjd}||d<|jjj ||dz |ddi d{}|jjj | d{}g}|D]} t| jxsgd{} tjd | t| d| j}| jr| jjnd} | jr| jjnd} t!d g| j|| d | | d} |j#| tjd|t%||t'|t)||S77I77#t*$r}t-|d}~wwxYww)z< Get a list of groups according to SCIM v2 protocol NzdisplayName eqzdisplayName eq rr team_aliasrrrr,zSCIM GET GROUPS members: +urn:ietf:params:scim:schemas:core:2.0:GroupGrouprcreated lastModifiedschemasid displayNamerwrzSCIM GET GROUPS response: r)rYrrr4rbrrrrwrrgetattrr`r isoformat updated_at SCIMGrouprxrrrgrr$)rrrr9rrr0r scim_groupsrcrwteam_created_atteam_updated_at scim_grouprs r< get_groupsr/s7+CEE  6)#\\*;>DD"E   D5dll6HbIIG & &)B7)'L M |T\\BJ=A__doo779RVO=A__doo779RVO"FG<<&$+.$3 J   z *'* ""%? }#MN$!UC $45!   ]F  J6 +'**+spG$ GF=A%G7G8-G%G&'G GC.G<G$=GGGG G! GG!!G$z/Groups/{group_id}zGroup IDgroup_idcK t|d{}tj|d{}tjd||S7;7 #t $r}t |d}~wwxYww)z@ Get a single group by ID according to SCIM v2 protocol NzSCIM GET GROUP response: )rdr$transform_litellm_team_to_scim_grouprrrr$)r0rcr.rs r< get_groupr3%su +'11.SS    ""%>zl#KL 2 +'**+sHA.AAAAA A.AA A+ A&&A++A.cK td{}|jxsttj}|j j jd|id{}|rtddd|it|d{}|Dcgc]}t|d }}tt||j| td d d tt j"d{}t%j&|d{}|S777cc}w7/7#t($r} t+| d} ~ wwxYww)z6 Create a group according to SCIM v2 protocol Nr`r,rrTzGroup already exists with ID: rUr]r)r`rmembers_with_roleshttpz/scim/v2/Groups)typer)scoper)r3 http_requestr)rYr%rLrrr4rbr\r r{rr rr&rrrrrr2rr$) rnr9r` existing_teamryrr5 created_teamr.rs r< create_groupr<>sW%+CEE ((/c$**,/,..@@LLg&M   #A'!KL  5U;; V`afYVDaa& ,,#5 !@Q'RS,7G7S7ST  /SS   EF  <a   +'**+sE D2D"AD2,D%-&D2D'D2D)0AD2>D.?D2D0D2!E"D2%D2'D2)D20D22 E ; EE  Ec >K td{}t|d{}t|d{}|jr |jni}|jj j d|i|j|i|d|jidd{}|jxsg}|D]}||vs|jjjd|id{} | s;| jxsg} || vsP|jjj d|idd |iid{|D]}||vs|jjjd|id{} | s;| jxsg} || vsP| D cgc] } | |k7s |  } } |jjj d|id| id{t|d{} |jr|jjnd}|j r|j jnd}t#d g||j$xs|| d ||d  S7S7C7377787cc} w77#t&$r}t)|d}~wwxYww)z6 Update a group according to SCIM v2 protocol Nr` scim_data)rrwr1r2r.r,r0pushrrr r#)rYrdr{r1r4rbr7r&rtrwr5r\r0rrr(r)r*rrr$)r0rnr9r:ryexisting_metadata updated_teamrrr]current_user_teamstrrwr,r-rs r< update_grouprDrsH+CEE 0:: 5U;; 7D6L6LM22RT*--??FFh'#//%R0R+u?O?O?QRG  (//52$I/*--??KK$i0L)-)9r&'99+..@@GG#,i"8")FH+=!>H$)I **--??KK$i0L)-)9r&#550B$T1a8mQ$T $T+..@@GG#,i"8?SH)2*==4@3J3JL # # - - /PT 4@3J3JL # # - - /PT BC$//;8 '* /  uF:<   %U >* +'**+sJ JI$JI'JI*A,J$I-%J+J.I0/J6J 0J;I3<J +J7I68J?JJ I8#I8'0JI=J,I?-A6J#J$J'J*J-J0J3J6J8J?J J JJJcnK td{}t|d{}|jxsgD]}|jjj d|id{}|s6|j xsg}||vsK|Dcgc] }||k7s | }}|jjjd|id|id{|jjjd|id{tdS777cc}w7M7#t$r}t|d}~wwxYww) z6 Delete a group according to SCIM v2 protocol Nr.r,r0r2r`rr) rYrdrwr4r5r\r0r7rbrrrr$) r0r9r:rr] current_teamsrCrrs r< delete_grouprGsL+CEE 0:: '..4"4I&));;GG ),HD $ 0b },,9 KqQ(] KI K'**<<CC()4GY;OD50077y(>S7TTTC(('F: !L U +'**+sD5 DD DD AD'D(D/DD DD0DD1D9D:D D5 D DDDD D2" D--D22D5cKi}|jxsi}|r t|ni}t|jxsg}|j }|j D]U}|j xsdj} |j} |j} | dk(r| dk(rd|d<Jt| |d<Y| dk(r'| dk(r|jddvt| |d<| jdrt| } g} | D]F}|jjj!d |i d{}|s6| j#|H| d k(r t| }| d k(r|j%| | dk(s| D]}|j'|8| dk(r|j| dQ| || <X|r||d <||fS7w)zNProcess patch operations for a group and return update data and final members.rr rNrr rlrwr.r,rrr1)r1rrrwcopyr rrrhr rLrr rr4r5r\rxr7r)rr:r9rr@r1r final_membersr rrhr member_values valid_membersrr]s r<_process_group_patch_operationsrMs #%K&..4"*;t%&H-//526O#((*M"" 2$$&%% = (",0 L),/J L) \ !(" \40),U& __Y '1%8MM* *--??KK$i0L!((3 +)# #M 2 E!$$]3H$!.I!)))4"/(" T4(!&O#T"* J  %%1s D*F?,F=-F?4AF?7AF?rJcKd|vr$t|dtrt|d|d<t||d<|jj j d|i|d{}|S7w)z1Apply patch updates to the group in the database.r1rwr`r2N)rrrrr4rbr7)r0rrJr9rAs r<_apply_group_patch_updatesrO0s[ Z J0G%N",[-D"E J"-0K '));;BB(# CL  sA#A.%A,&A.rcK||z }||z }tjd|tjd||D]}t||ggd{|D]}t|g|gd{y7%7 w)z.Handle adding/removing members from the group.zmembers_to_add: zmembers_to_remove: rN)rrr)r0rrJmembers_to_addmembers_to_removers r< _handle_group_membership_changesrSGs #_4N'-7!1.1ABC!45F4GHI$ #&.Z*,   $' #%'+3*   '   s$AA>A:A>2A<3A><A>cKtjd| td{}t|d{}t |||d{\}}t |j xsg}t||||d{}t|||d{tj|d{}|S777n7>7+7#t$r} t| d} ~ wwxYww)z5 Patch a group according to SCIM v2 protocol zSCIM PATCH GROUP request: %sN) rrrYrdrMrrwrOrSrr2rr$) r0rr9r:rrJrrAr.rs r< patch_grouprUcs=yI+CEE 0:: ,K }m, & " ] m339r:8 k=-  / o}   /SS   3F:&    +'**+sC" CB:CB<CB>1CCCCC3C4C9C":C<C>CCCC C CCC")N)brArtypingrrrrrrr fastapir r r r rrrrrlitellm._loggingrrrlitellm.proxy._typesrrrrrrrr$litellm.proxy.auth.user_api_key_authr:litellm.proxy.management_endpoints.internal_user_endpointsrrfsF  CCC   1A   CO O>([([V9  ) *-./  c  c  (|2 Xc] # X`aeXf rvwz|wsA 9c" S d:>N   3  S  ^bcf^g  lp  "?(? ,+,g6K.LM  0w0  0  #+,g6K.LM A!nraC(!$K4+4+ 4+ SM4+  4+n +,g6K.LM 9-+ +  +   +,g6K.LM #YE+ E+  E+P +,g6K.LM 9-#Y7+ 7+ 7+  7+t +,- 9-"+ "+  "+Jc"//C/d3PS8n/Y]/0s030T#s(^0X\0 +3 +s +d38n +QU + 5c 5C 5 5DQTVYQYN 5_c 5 c # #c( xX[\_X`Oa 3SDQTVYQYN_c#'$#'#' 4S>3s8 #$#'J "3i$(9 @ +,g6K.LM 9-!#Y*+ *+*+  *+\  #+,g6K.LM A!nraC(!$K?+?+ ?+ SM?+  ?+D +,g6K.LM J/++  +&  +,g6K.LM Cy++ ++  ++\ +,g6K.LM J/CyO+O+ O+  O+d +,- J/++  +@>&>& 4S>3s8 #$ >&Bc3hs8.  X s8 8 +,g6K.LM J/!#Y&+&+&+  &+rE